Browse related articles
Safer surfing
Internet Explorer 7 for Vista has a new protected mode, meaning it can be run in a special, 'low-privilege' version, preventing any malicious content from being downloaded. IE 7 will only be able to write to the History and Temporary Internet folders, preventing malware hijacking a browser.
IE 7 will also have in-built anti-phishing technology, protecting users from fake or 'spoof' websites that imitate banks and e-commerce sites, trying to collect data. It will warn whenever a potentially risky site is visited, using a database of blacklisted sites.
There are also extensive parental controls to limit browsing to certain sites and categories of site, and restrict what programs can run.
Stopping malwares
Windows Resource Protection prevents potentially damaging system configuration changes by preventing change to system files and settings by any process other than Windows Installer. It means that unauthorised software, such as malware, should be blocked.
Address space randomisation loads system files at 256 random locations in memory. This makes it much harder for viruses to locate and abuse them.
Windows Service Hardening stop Windows services from operating on files, the registry or networks they are not supposed to. This stops malwares getting in by piggybacking on system services.
Delving into some geek speak, Microsoft has also reduced the amount of kernel-level code in Vista. This means that printer drivers, antivirus scanners and others will only install on the user level, keeping the kernel more stable.
Bye bye spyware
Windows Defender is Microsoft's anti-spyware utility, and will be integrated into Vista. Like SpyBot and AdAware, it scans the system for spyware. But Defender also includes real-time security agents that monitors areas of Vista for possible changes caused by spyware. There is also a SpyNet network so users can communicate with Microsoft to check questionable apps.
Windows Firewall has also been upgraded. It now supports outbound packet filtering. It will alert the user whenever an unapproved program tries to connect to the internet. And on new OS installs, the Firewall will be enabled with no exceptions allowed until patching is complete.
With Network Access Protection, computers connecting to a network will also be given certificates based on their 'system health'. Those that don't make the requirements can be warned, denied or granted only limited access to the network.
Criticism
There has been criticism of Vista's security features. A report by Boston-based Yankee Group in May warned that the intrusive nature of the security features could frustrate both IT administrators and users. Analysts described them as unnecessarily repetitive and patronising, with User Account Control particularly problematic.
Other security experts say that Vista's hardware-based encryption, BitLocker Drive Encryption, will make it much harder to set up PCs to dual boot in Linux. This is because it blocks the exchange of data needed in a dual-boot system.
Symantec recently found numerous bugs in the latest Vista beta, including new security flaws. They're warning that in the short-term, Vista's networking technology will be less stable than Windows XP's.
Firewall developer Agnitum claim Kernel Patch Protection will makes it harder to integrate third-party security tools in Vista. It says independent vendors will have to use hacking tactics to get their code to work.
Anti-virus companies also predict that no matter what Microsoft or any security software company develops, virus writers will find a way round it. The greatest danger is lulling users into a false sense of belief that they are 100% 'safe'. What is needed is strong, updated security software and continuing user education about protecting oneself from problems.
Facebook
del.icio.us
Digg
Lisa Creffield, Correspondent
Web Feeds